Dropbox is designed with multiple layers of protection across a distributed, reliable infrastructure. Securely access files from desktop, web, and mobile, or through connected third-party apps.
It's our responsibility to protect your files from unauthorized access. We've designed policies and controls to safeguard the collection, use, and disclosure of your information.
Dropbox offers several tools to protect your account from attacks. To help keep your files safe, enable two-step verification, monitor third-party apps, and adjust your security settings.
Dropbox protects files in transit between our apps and our servers, and at rest. Each file is split into discrete blocks, which are encrypted using a strong cipher. Only blocks that have been modified are synced.
Dropbox saves a history of all deleted and previous versions of files, and allows you to restore them for up to 30 days. Extended version history is available as a Dropbox Plus subscription add-on. Dropbox Business users have 180 days to recover deleted files.
We regularly test our infrastructure and apps to identify and patch vulnerabilities. We also work with third-party specialists, industry security teams, and the security research community to keep our users and their files safe. Potential security bugs and vulnerabilities can be reported to us on the third-party service HackerOne.
Dropbox has terms and guidelines for third-party developers to create apps that connect to Dropbox while respecting user privacy and account security. In addition, we use OAuth, an industry-standard protocol for authorization, to allow users to grant apps different levels of account access without exposing their account credentials.
We publish a transparency report to share how often we receive government data requests, as well as our government data request principles, which guide our responses to those requests. Those principles include being transparent, fighting overly broad requests, providing trusted services, and protecting all of our users, no matter where they are.
Dropbox is certified under the EU-U.S. and Swiss-U.S. Privacy Shield framework. Data hosting based in Europe is available for Dropbox Business customers with 15+ seats. Speak with our sales team to learn more.
Organizations established in the EU and processing personal data of EU-based individuals have been required to comply with the General Data Protection Regulation (GDPR). Our Legal, Trust and Security teams have carefully scrutinized the GDPR and taken all necessary steps to identify changes that needed to be made. We are GDPR compliant and continue to help our customers with their GDPR requirements.
Create a password that you don't use anywhere else, and make it hard to guess. Test your password with our strength estimator when you create your account or reset your password.
Two-step verification adds an extra layer of protection to your account. Once enabled, Dropbox will require a six-digit code or a USB security key when signing in or linking a new device. For security keys, Dropbox supports the open standard FIDO Universal 2nd Factor (U2F). A U2F security key uses cryptographic communication and provides additional protection against credential theft attacks like phishing.
From the Security page, you can easily monitor linked devices, active web sessions, and third-party apps with access to your account. Something doesn't look right? You can cut off access in seconds. From the Events page, you can track changes to files and folders, including edits, deletions, and shared folder membership.
Attackers may try to steal sensitive information by pretending to be Dropbox or other services you trust. Be on the lookout for unfamiliar emails, websites, and links that try to trick you into entering your password or other sensitive information. Additionally, if you see anything suspicious being hosted on Dropbox, report it to us.